A pricing error that lasted only minutes has left DeFi lender Moonwell with nearly $1.8 million in bad debt after a software glitch caused the value of Coinbase Wrapped ETH (cbETH) to drop to $1, instead of roughly $2,200, on the platform.
The technical glitch happened because a system update caused the platform to value cbETH based only on its relationship to ETH (about 1.12), forgetting to factor in the actual USD price of ether.
As a result, the protocol interpreted cbETH as being worth around $1.12, per an incident summary.
The issue began when a governance proposal enabled new Chainlink oracle configurations across Moonwell markets on Base and Optimism networks. An oracle is a tool that fetches real-time data before it is added to a blockchain.
In lending protocols such as Moonwell, users deposit assets like cbETH as collateral and borrow other tokens against them. If collateral falls below required thresholds, positions are automatically liquidated by bots that repay debt and seize collateral at a discount.
Once cbETH appeared to collapse from over $2,000 to just above $1, liquidation bots moved quickly. Because the protocol believed the token was nearly worthless, liquidators were able to repay roughly $1 of debt to seize one cbETH.
Risk manager Anthias Labs said 1,096.317 cbETH ($2.44 million) was seized, wiping out borrower collateral while leaving the protocol with bad debt across several markets.
The distorted pricing also allowed a smaller group of users to deposit minimal collateral and borrow cbETH at the artificially low valuation, further increasing losses.
Moonwell reduced supply and borrow caps within minutes to contain damage. However, correcting the oracle required a governance vote and a five day timelock, preventing an immediate fix.
The episode is the latest reminder that price oracles are foundational infrastructure and a key point of failure for DeFi applications. When they misfire, the smart contracts do exactly what they are programmed to do, but the balance sheet absorbs the consequences.
Meanwhile, security auditor Krum Pashov noted that GitHub commits tied to the proposal were co-authored by Claude Opus 4.6, an AI coding assistant, prompting debate over whether automated “vibe coding” contributed to the faulty oracle logic.
🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss
cbETH asset’s price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude – Is this the first hack of vibe-coded Solidity code? pic.twitter.com/4p78ZZvd67
— pashov (@pashov) February 17, 2026